19:07:18 <cyberpear> #startmeeting Ansible Lockdown Working Group
19:07:18 <zodbot> Meeting started Thu May  7 19:07:18 2020 UTC.
19:07:18 <zodbot> This meeting is logged and archived in a public location.
19:07:18 <zodbot> The chair is cyberpear. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:07:18 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
19:07:18 <zodbot> The meeting name has been set to 'ansible_lockdown_working_group'
19:07:28 <cyberpear> #chair dfed[m] xgeorgex
19:07:28 <zodbot> Current chairs: cyberpear dfed[m] xgeorgex
19:07:34 <cyberpear> #topic Roll Call
19:07:41 <cyberpear> who's here for Lockdown WG meeting today?
19:09:26 <cyberpear> .hello2
19:09:27 <zodbot> cyberpear: cyberpear 'James Cassell' <fedoraproject@cyberpear.com>
19:09:31 <cyberpear> is it just me today?
19:11:31 <cyberpear> #topic generic Linux OS Lockdown role
19:12:41 <cyberpear> #info https://github.com/jamescassell/lockdown-linux is a proof-of-concept multi-standard, multi-OS role for locking down/hardening systems according to CIS or STIG
19:15:48 <cyberpear> the role currently configures MACs and Ciphers in sshd_config
19:16:21 <cyberpear> I've tested it on Ubuntu 18.04, RHEL 7, openSUSE Leap
19:16:51 <cyberpear> it works both in a container, and on a live system -- "live system" being defined as having an init system running.
19:18:48 <cyberpear> still needs a README
19:44:42 <cyberpear> it doesn't work self-hosted on RHEL 6 because python2.6 support went away in ansible-2.7, and ansible-2.7 is the oldest version where the POC works currently
19:46:20 <cyberpear> it otherwise works on RHEL 6, and can be self-hosted if you run modern ansible in a python virtualenv and send `-e ansible_python_interpreter=/usr/bin/python`
19:46:38 <cyberpear> #topic Open Floor
19:46:46 <cyberpear> anyone else have anything to discuss?
20:04:06 <cyberpear> #endmeeting